Normalizing URLs and forms

Normalization rules help the scan job determine whether URLs and forms are unique so that they are not repeated incorrectly in your reports.

About this task

Learn more about normalization:

Normalization rules help the scan job determine whether URLs and forms are unique so that they are not repeated incorrectly in your reports. When URLs and forms are repeated, they inflate the number of reported issues as well as other statistics.

Here are some circumstances where you should apply normalization rules:

  • Your site uses static URLs and you need the scan job to identify the difference between pages. Use the Normalization Rules section of the page.
  • You have parameters from forms or query strings that might cause the scan job to believe that the URLs or forms are different, when they really are not. Use the Parameter and Cookie Exclusions section of the page.
  • You have both HTTP and HTTPS servers with identical content and you want to ensure that the scan job does not incorrectly include both sets of pages in its analysis; otherwise, your reports will be inflated. Use the URL Substring Exclusions section of the page. For example, https://example.support.com/index.asp and http://example.support.com/index.asp are both identical pages. Both "http" and "https" should be added as exclusions, otherwise they will both be reported as unique URLs.

Normalization rules apply to all pages in a domain. Because domains are global, the rules are automatically applied to every job in your installation. Therefore, every job will have the same set of rules applied to the pages that it scans. When the results from the jobs are combined together in a report pack, the data is therefore consistent.

Procedure

  1. Go to the Parameters and Cookies page of the content scan job, expand the Normalization Rules section, and select an option.
  2. In the Ignore the following parameters and cookies when applying normalization rules section, enter the parameters or cookies you want to exclude. It does not matter if the parameters are submitted through query string or POST data; the difference is immaterial to the server; you do not need to identify them separately.
  3. Click Save when your changes are complete.

What to do next

Defining parameters and cookies